Virtual TapeServer 6.03.41 Installation Guide

80 | Enabling Instant DR and AutoCopy
7. Check the SSH connection, if you configured SSH. At the command prompt, enter ssh
server uptime. For example, on the New York server, enter ssh newyork-idr uptime.
The first time you enter an ssh command, a message similar to the following is displayed:
The authenticity of host 'server_name (IP_addr)' can't be established.
RSA key fingerprint is 5f:10:3c:47:78:8f:e3:28:9d:ab:6b:34:ed:d1:e4:08.
Are you sure you want to continue connecting (yes/no)?
Enter yes.
8. Repeat these steps on each VTS server.
Note RSH and SSH can be set up in one direction or in multiple directions. If multiple
directions are configured, these steps should also be executed from the other direction.
Configuring TCP/IP security
Securing the link becomes necessary when using Instant DR if the communication link
between VTS servers is not completely within your network. If you do not secure the link,
others can gain access to the VTS operating system over TCP/IP from outside the corporate
network. To tighten security, you can configure iptables to block all TCP/IP traffic arriving
on eth1 except SSH, RSH, and ICMP (ping and traceroute).
To configure TCP/IP security
1. On the VTS server, open the /etc/iptable-script file for editing.
2. Insert the following lines:
iptables -A INPUT -p tcp -i eth1 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 873 -j ACCEPT
iptables -A INPUT -p udp -i eth1 --dport 873 -j ACCEPT
iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i eth1 -j REJECT
iptables -A INPUT -p tcp -m state --state INVALID -j REJECT
Here is an explanation of these lines:
iptables -A INPUT -p tcp -i eth1 --dport 22 -j ACCEPT
Allows connections through port 22 (SSH).
iptables -A INPUT -p tcp -i eth1 --dport 873 -j ACCEPT
iptables -A INPUT -p udp -i eth1 --dport 873 -j ACCEPT
Allows TCP and UDP connections to port 873 (RSH).
iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
Uses connection tracking to accept only packets that belong to an established TCP
connection, that is, a connection that has already seen packets in both directions.
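As an added example, not part of the VTS guide, the following Python script models the first-match evaluation iptables applies to the INPUT rules in step 2, so you can check offline which rule a given packet would hit before loading the script on the server. It models only the match options the page uses (-p, -i, --dport, --state) and assumes the chain's default policy is ACCEPT; the sample packets are constructed.

```python
# Added example, not from the VTS guide: a first-match simulator for the
# INPUT rules in step 2. It models only the match options the page uses
# (-p, -i, --dport, --state) and assumes the chain policy is ACCEPT.

RULES = """
iptables -A INPUT -p tcp -i eth1 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 873 -j ACCEPT
iptables -A INPUT -p udp -i eth1 --dport 873 -j ACCEPT
iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i eth1 -j REJECT
iptables -A INPUT -p tcp -m state --state INVALID -j REJECT
""".strip().splitlines()

# Option on the iptables line -> key in the packet dict
OPTS = {"-p": "proto", "-i": "iface", "--dport": "dport", "--state": "state"}


def parse_rule(line):
    """Collect the match options and the -j target of one 'iptables -A INPUT' line."""
    toks = line.split()
    return {t: toks[i + 1] for i, t in enumerate(toks) if t in OPTS or t == "-j"}


def matches(rule, pkt):
    """Every match option present in the rule must agree with the packet."""
    return all(str(pkt.get(f)) == rule[o] for o, f in OPTS.items() if o in rule)


def decide(pkt, rules=RULES, policy="ACCEPT"):
    """Return (target, rule number) of the first matching rule, else (policy, None)."""
    for n, line in enumerate(rules, 1):
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["-j"], n
    return policy, None


if __name__ == "__main__":
    # Constructed packets; 'state' is what connection tracking would report for them.
    samples = [
        {"proto": "tcp", "iface": "eth1", "dport": 22, "state": "NEW"},  # SSH: rule 1
        {"proto": "tcp", "iface": "eth1", "dport": 80, "state": "INVALID"},  # rule 7; rule 8 never reached on eth1
        {"proto": "udp", "iface": "eth1", "dport": 53, "state": "ESTABLISHED"},  # UDP reply: no UDP state rule, rejected
        {"proto": "tcp", "iface": "eth0", "dport": 80, "state": "NEW"},  # other interface: falls to the policy
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```

The samples show two consequences of the rule order worth knowing: the INVALID rule can only ever fire for interfaces other than eth1, and UDP replies arriving on eth1 (other than to port 873) are rejected because the ESTABLISHED/RELATED rules match TCP only.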